CFPB Enforcement Actions: The Public Record of $20 Billion in Consumer Finance Penalties

Since opening its doors in 2011, the Consumer Financial Protection Bureau has brought more than 200 formal enforcement actions against banks, lenders, servicers, and debt collectors — extracting over $20 billion in consumer relief and civil money penalties. The public enforcement database at consumerfinance.gov is the most granular window into how federal consumer financial law is actually applied, case by case, company by company.

Enforcement actions vs. consumer complaints

The CFPB maintains two distinct public datasets that are frequently confused. The Consumer Complaint Database (5M+ complaints) is a real-time firehose of individual grievances submitted by the public — unverified, voluminous, and useful as a leading indicator of industry problems. The Enforcement Actions database is the opposite: a curated, authoritative record of formal legal proceedings that the Bureau has actually filed against specific companies. Where a complaint is an allegation, an enforcement action is a legal finding (or at minimum, a credible public accusation backed by the Bureau's investigative resources).

The pipeline between the two runs in one direction. Complaints accumulate, examiners identify patterns during supervisory exams, and enforcement referrals follow months or years later. Researchers who track complaint volume against specific institutions often see elevated complaint counts 18–36 months before a public enforcement action appears. The enforcement record is therefore the lagging confirmation of what the complaint signal was already saying.

Statutory authority

The CFPB's enforcement powers derive primarily from Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Two sections define the litigation framework:

• Section 1054 — Authorizes the CFPB to bring civil enforcement actions in federal district court against any covered person or service provider. The Bureau can seek injunctive relief, restitution, disgorgement, damages, and civil money penalties up to $25,000 per day for violations (up to $100,000/day for reckless violations, $1,000,000/day for knowing violations, subject to inflation adjustments).
• Section 1053 — Creates the administrative adjudication track. Rather than filing in federal court, the Bureau can initiate proceedings before an administrative law judge, which can result in consent orders, cease-and-desist orders, and civil money penalties. Administrative proceedings have historically resolved faster than federal litigation but offer fewer procedural protections.

Beyond Dodd-Frank, the CFPB has authority to enforce 19 enumerated federal consumer financial laws, including the Truth in Lending Act (TILA), Real Estate Settlement Procedures Act (RESPA), Equal Credit Opportunity Act (ECOA), Fair Credit Reporting Act (FCRA), Fair Debt Collection Practices Act (FDCPA), Electronic Fund Transfer Act (EFTA), and the Home Mortgage Disclosure Act (HMDA), among others. This jurisdiction covers the full consumer financial lifecycle: origination, servicing, reporting, collections, and remittances.

The UDAAP standard

The most powerful — and most contested — enforcement tool in the CFPB's arsenal is the prohibition against “unfair, deceptive, or abusive acts or practices” (UDAAP). The “unfair” and “deceptive” prongs trace back to the FTC Act and decades of case law. Dodd-Frank added “abusive” as a novel third prong that has no direct predecessor in federal law.

The distinctions matter operationally:

• Deceptive: a representation, omission, or practice that is likely to mislead a reasonable consumer and is material to their decision. Requires showing that a consumer could have been misled, not that they actually were.
• Unfair: causes or is likely to cause substantial injury to consumers, which is not reasonably avoidable and is not outweighed by countervailing benefits to consumers or competition. Borrowed from FTC Act Section 5.
• Abusive: materially interferes with a consumer's ability to understand a term or condition, or takes unreasonable advantage of a consumer's lack of understanding, inability to protect their own interests, or reasonable reliance on the covered person. Critically, abusiveness does not require consumer confusion — it can be found even where all disclosures are technically accurate.

The “abusive” standard gave the CFPB a tool calibrated for modern financial products, where complexity and information asymmetry are often the injury mechanism rather than outright fraud. It has also been the most legally contested prong: the Fifth Circuit's 2024 decision in CFPB v. CURO and subsequent challenges attempted to narrow its scope, with mixed results at the circuit level as of mid-2026.

What the enforcement database contains

Each record in the enforcement actions database includes:

• Company / respondent name — the legal entity against which the action was filed
• Filing date — when the complaint, consent order, or administrative proceeding was initiated
• Forum — federal district court or CFPB administrative proceeding
• Statutes and regulations violated — one or more of the enumerated laws or Dodd-Frank's UDAAP provision
• Violation type — brief description (e.g., “illegal fees,” “fair lending,” “debt collection”)
• Outcome — consent order, final judgment, dismissal, or ongoing litigation
• Relief ordered — consumer redress (amounts owed back to harmed consumers), civil money penalties (paid to Treasury), and injunctive relief (behavioral prohibitions)
• Document links — PDFs of the complaint, consent order, final order, and any exhibits

The database is publicly searchable at consumerfinance.gov/enforcement/actions/ but is not available as a bulk CSV download. Each action is a structured HTML page with linked PDFs, which requires scraping or the CFPB's public API to aggregate at scale.

Scale and aggregate statistics

As of mid-2026, the CFPB has brought more than 200 public enforcement actions since its first in 2012. The aggregate relief across all resolved actions exceeds $20 billion, spanning:

• Consumer redress: money returned directly to harmed consumers through restitution or disgorgement, the largest component by dollar value
• Civil money penalties: fines paid to the Treasury, typically smaller than redress but significant as a deterrent signal
• Injunctive relief: behavioral prohibitions, enhanced compliance programs, independent monitor requirements

The distribution is heavily skewed. The top ten actions by dollar value account for roughly half the total relief. Median action size is substantially lower — many cases against smaller mortgage companies, debt collectors, and credit repair firms resolve in the low millions.

Landmark cases

A handful of enforcement actions illustrate the full range of the CFPB's authority:

Wells Fargo — $3.7 billion (2022)

The largest enforcement action in CFPB history. The December 2022 consent order covered failures across three product lines simultaneously: auto loan servicing (improper repossessions, insurance add-ons, payment processing errors), mortgage origination and servicing (wrongful denials, fee errors, foreclosure processing failures), and deposit accounts (surprise overdraft fees, unlawful account freezes). The $3.7 billion included $2.0 billion in consumer redress and $1.7 billion in civil money penalties. The action followed years of supervisory findings and smaller enforcement actions going back to the 2016 fake accounts scandal.

Navient — $195 million (2022)

The CFPB's January 2022 settlement with Navient, the largest student loan servicer in the country, resolved a lawsuit originally filed in 2017. The Bureau alleged Navient steered borrowers who qualified for income-driven repayment plans into costly forbearance instead, accumulated interest, and misreported loan statuses to credit bureaus. The $195 million settlement included $95 million in restitution to approximately 350,000 federal student loan borrowers and cancellation of $1.7 billion in private loan balances for approximately 66,000 borrowers.

BancorpSouth — $10.6 million (2016)

One of the CFPB's landmark fair lending actions. Examiners found that BancorpSouth denied mortgage applications from Black applicants at rates inconsistent with creditworthiness differences, and that loan officers made racially disparate statements captured in testing. The redlining settlement, coordinated with the DOJ, included $4 million in community investment and required enhanced fair lending compliance infrastructure across the bank's Mississippi, Alabama, and Tennessee markets.

Credit Acceptance Corporation — $27.2 million (2021)

The CFPB sued Credit Acceptance, a major subprime auto lender, alleging it structured loans it knew borrowers could not repay, hid the true cost of financing through add-on products, and misled dealers who originated the loans. The $27.2 million settlement included consumer redress and a civil money penalty, along with requirements to change underwriting and disclosure practices.

MoneyGram — $18 million (2023)

The CFPB's action against MoneyGram targeted remittance transfer failures: the company disclosed incorrect exchange rates and transfer fees, failed to deliver funds within the legally required window, and did not provide required receipts and error resolution disclosures under the Electronic Fund Transfer Act's remittance rules. The $18 million penalty (paid to Treasury) was paired with a compliance order requiring systematic disclosure reforms.

Supervision vs. enforcement: the iceberg dynamic

Enforcement actions are the visible tip of the CFPB's supervisory iceberg. The Bureau has examination authority over all federally insured depository institutions with more than $10 billion in assets (roughly 100 institutions) and, uniquely among federal regulators, over certain categories of nonbank financial companies regardless of size — mortgage companies, payday lenders, private student loan servicers, auto lenders, debt collectors, and prepaid card providers.

Most supervisory findings never become public enforcement actions. Examiners issue confidential supervisory findings and matters requiring attention (MRAs), and institutions typically remediate violations quietly. Public enforcement follows when: (a) the violation is systemic rather than isolated; (b) prior supervisory directives were not followed; (c) the consumer harm is large enough to justify the resource cost of litigation; or (d) public deterrence is a Bureau priority. This means the enforcement database, large as it is, represents a carefully curated selection from a much larger universe of identified violations.

Political cycle and enforcement trends

The enforcement record maps closely to political administrations, which control Bureau leadership through the director appointment:

• Obama era (2012–2016): Director Richard Cordray built the enforcement program from scratch. Actions accelerated each year, with major cases against banks, payday lenders, credit card issuers, and student loan servicers. The CFPB filed more than 120 public actions in this period, establishing the core UDAAP precedents.
• First Trump era (2017–2020): Acting Director Mick Mulvaney and then Director Kathy Kraninger substantially reduced enforcement activity. New case filings dropped by roughly half compared to the Cordray years, several pending investigations were closed without action, and the Bureau formally narrowed its interpretation of “abusive” in a 2020 policy statement (later rescinded).
• Biden era (2021–2024): Director Rohit Chopra restored and expanded the enforcement program. The Wells Fargo and Navient resolutions were the headline actions, but the Bureau also pursued novel theories — junk fees, medical debt credit reporting, and nonbank enforcement using new registry authority. Enforcement filings returned to near Cordray-era levels.
• 2025 and the structural challenge: Following the change in administration, the second Trump CFPB leadership again sharply curtailed enforcement activity, withdrew several pending suits, and faced a constitutional challenge to the Bureau's single-director structure (partially resolved in CFPB v. Community Financial Services Assoc. in 2024, but with ongoing circuit-level litigation over specific enforcement theories). The public enforcement database remains available but new additions have slowed considerably as of mid-2026.

Accessing the database

The CFPB publishes enforcement actions at consumerfinance.gov/enforcement/actions/. The interface supports filtering by date range, law violated, and company name, but does not offer a bulk CSV download. For analytical work, researchers have two options:

• CFPB public API: The Bureau offers a limited API at api.consumerfinance.gov for complaint data, but enforcement actions are not served as structured JSON. The listing pages use server-rendered HTML with consistent CSS selectors, making scraping straightforward.
• Direct scraping: The listing uses paginated HTML pages with a consistent ?page=N query parameter. Each action links to a detail page with a summary, violated statutes, and PDF links. The code below implements both the pagination scrape and detail-page extraction.

Python: scraping and analyzing enforcement actions

The script below scrapes the CFPB enforcement actions listing, extracts key fields from each action's detail page, parses dollar amounts from prose relief descriptions, and outputs a sorted table plus a CSV export. It uses only the standard library plus requests and beautifulsoup4.

import requests
from bs4 import BeautifulSoup
import re
import csv
import time

BASE_URL = "https://www.consumerfinance.gov"
ACTIONS_URL = BASE_URL + "/enforcement/actions/"

def parse_relief_amount(text):
    """Extract dollar amount from relief text, return float in millions or 0."""
    if not text:
        return 0.0
    # Match patterns like $3.7 billion, $195 million, $27.2 million
    match = re.search(r'\$(\d+(?:\.\d+)?)\s*(billion|million|thousand)?', text, re.IGNORECASE)
    if not match:
        return 0.0
    amount = float(match.group(1))
    unit = (match.group(2) or "").lower()
    if unit == "billion":
        amount *= 1000
    elif unit == "thousand":
        amount /= 1000
    return amount  # in millions

def fetch_enforcement_actions(max_pages=10):
    """Scrape CFPB enforcement actions listing pages."""
    actions = []
    page = 1

    while page <= max_pages:
        params = {"page": page}
        resp = requests.get(ACTIONS_URL, params=params, timeout=30,
                            headers={"User-Agent": "research-bot/1.0"})
        if resp.status_code != 200:
            break

        soup = BeautifulSoup(resp.text, "html.parser")

        # Each action is in an <article> or list item with class activity-block
        items = soup.select("article.o-post-preview, li.o-post-preview")
        if not items:
            break

        for item in items:
            title_el = item.select_one(".o-post-preview__title a, h3 a, h2 a")
            date_el  = item.select_one("time, .o-post-preview__time")
            tags_el  = item.select_all(".o-post-preview__topics li, .m-tag")

            name = title_el.get_text(strip=True) if title_el else ""
            href = title_el["href"] if title_el and title_el.has_attr("href") else ""
            date = date_el.get("datetime", date_el.get_text(strip=True)) if date_el else ""
            tags = [t.get_text(strip=True) for t in tags_el] if tags_el else []

            # Fetch individual action page for relief amount
            relief_text = ""
            if href:
                url = href if href.startswith("http") else BASE_URL + href
                try:
                    detail = requests.get(url, timeout=20,
                                          headers={"User-Agent": "research-bot/1.0"})
                    dsoup = BeautifulSoup(detail.text, "html.parser")
                    # Look for redress / penalty summary paragraph
                    for p in dsoup.select("p, li"):
                        if re.search(r'\$(\d)', p.get_text()):
                            relief_text = p.get_text(strip=True)[:200]
                            break
                except Exception:
                    pass
                time.sleep(0.5)

            actions.append({
                "name": name,
                "date": date,
                "url": href,
                "tags": "; ".join(tags),
                "relief_text": relief_text,
                "relief_millions": parse_relief_amount(relief_text),
            })

        page += 1
        time.sleep(1)

    return actions

def main():
    print("Fetching CFPB enforcement actions...")
    actions = fetch_enforcement_actions(max_pages=5)

    # Sort by relief amount descending
    actions.sort(key=lambda x: x["relief_millions"], reverse=True)

    # Print top 20 as a table
    print("\n{:<50} {:>12} {}".format("Company / Action", "Relief ($M)", "Date"))
    print("-" * 80)
    for a in actions[:20]:
        label = a["name"][:48]
        relief = "{:.1f}".format(a["relief_millions"]) if a["relief_millions"] else "n/a"
        print("{:<50} {:>12} {}".format(label, relief, a["date"][:10]))

    # Export full dataset to CSV
    if actions:
        with open("cfpb_enforcement_actions.csv", "w", newline="") as f:
            writer = csv.DictWriter(f, fieldnames=actions[0].keys())
            writer.writeheader()
            writer.writerows(actions)
        print("\nExported " + str(len(actions)) + " actions to cfpb_enforcement_actions.csv")

if __name__ == "__main__":
    main()

A few implementation notes. The relief amount parser uses a regex that handles both “$3.7 billion” and “$195 million” patterns and normalizes to millions for sorting. The detail-page fetch includes a 500ms delay to avoid overloading the CFPB servers; the outer page loop sleeps one second between pages. For a complete dataset, set max_pages high enough to exhaust the listing (currently ~15 pages at 10 actions per page). The CSV export includes the raw relief text so you can audit the parser's extraction.

Cross-agency context

The CFPB does not operate in isolation. Several other federal agencies run parallel or overlapping enforcement programs that analysts should track alongside the CFPB record:

• OCC enforcement actions: The Office of the Comptroller of the Currency supervises national banks and publishes its own enforcement actions — formal agreements, cease-and-desist orders, and civil money penalties — at occ.gov. For institutions the OCC and CFPB jointly supervise (large national banks), both databases may carry records from the same underlying examination.
• DOJ Housing and Civil Enforcement Section: The Department of Justice enforces the Fair Housing Act and ECOA through its own litigation program, often coordinating with CFPB on redlining and fair lending cases (as in BancorpSouth). The DOJ publishes press releases for all settlements; there is no structured database, but the pattern of joint actions — CFPB brings the consumer protection claim, DOJ brings the FHA claim — is consistent.
• FTC enforcement: The Federal Trade Commission retains concurrent jurisdiction over non-bank financial companies not supervised by the CFPB. The FTC's fintech and financial services enforcement actions appear in its own case database and often cover overlapping UDAAP theories under FTC Act Section 5.
• State attorneys general: Many CFPB consent orders explicitly preserve state enforcement rights. The National Association of Attorneys General (NAAG) maintains a multistate enforcement database, and several large consumer finance settlements have involved coordinated federal-state actions.

Analytical applications

The enforcement database is a primary source for several categories of research and due diligence work:

• M&A and lending due diligence: A target company's enforcement history — including consent orders still in force — is material to any acquisition of a bank, mortgage company, or fintech. Consent orders frequently impose ongoing compliance obligations, independent monitor requirements, and prohibitions on certain products that survive a change of control.
• Industry-wide pattern analysis: Clustering enforcement actions by violation type reveals which product categories (payday lending, student loan servicing, auto lending, credit reporting) are attracting regulatory attention in a given period.
• Complaint-to-enforcement lead time: By joining the enforcement database with the Consumer Complaint Database on institution name, researchers can estimate the average gap between complaint signal and public action, which varies substantially by institution size and violation type.
• Penalty benchmarking: Civil money penalties in the enforcement database, normalized by institution asset size or loan volume, provide a rough market for “what does this violation cost?” — useful input for compliance cost-benefit analysis.

Data quality and limitations

The enforcement database is authoritative but incomplete in a specific sense: it records only public actions. Confidential supervisory findings, informal enforcement guidance, and matters resolved through supervisory channels without public announcement are not included. The database also does not include actions against individuals (as opposed to companies) in most cases, and the relief amounts reported in the database are as-agreed in the consent order, not as-actually-collected — a distinction that matters when an institution later fails or is acquired.

Relief descriptions are prose rather than structured fields in the underlying HTML, which is why the parser in the code above uses regex extraction rather than a clean JSON attribute. Dollar amounts sometimes appear in multiple paragraphs (total relief vs. consumer redress vs. civil money penalty broken out separately), and the parser's first-match logic will capture whichever appears first in the document. For high-precision analysis, manual review of the PDF consent orders is the authoritative source.

Related writing

The CFPB consumer complaint database tracks 5M+ complaints that often precede enforcement action by 18–36 months — the leading indicator to this dataset's lagging record.

The SEC enforcement actions database covers 700–800 securities law actions per year using a similar administrative proceeding / court action structure.

The HHS OIG exclusion list is the healthcare equivalent — a public blacklist of individuals and entities barred from federal program participation.